Analyste des opérations de sécurité

Location: Flexible (100% Remote)

Reporting To: Security Engineer

The Security Operations Analyst plays a key role in monitoring, detecting, and responding to security events, including potential incidents. They support security operations through tool configuration, process automation, and the operational implementation of the organization’s security and business continuity policies.

This role also involves active contribution to vulnerability management and remediation, as well as tasks related to Identity and Access Management (IAM). The analyst must demonstrate strong technical expertise, operational execution capabilities, and cross-functional coordination skills to maintain and strengthen the organization’s overall security posture.

Related Work Roles under NICE Workforce Framework for Cybersecurity:

- OG-WRL-014 – Systems Security Management
- CI-WRL-001 – All-Source Analysis
- CI-WRL-002 – All-Source Collection Management
- IO-WRL-004 – Network Operations
- PD-WRL-004 – Infrastructure Support
- PD-WRL-007 – Vulnerability Analysis
- PD-WRL-003 – Incident Response

Key Responsibilities:

Identity and Access Management

- Enforce authentication policies, including MFA, and monitor authentication logs for anomalies.
- Configure and manage privileged access in alignment with internal policies, ensuring access is granted on a least-privilege basis.
- Perform periodic reviews of access and privileges to ensure compliance with policies, aiming to limit excessive access and reduce security risks.
- Establish reporting protocols to improve visibility into security indicators and document security measures and system configurations, especially related to IAM.

Incident Detection, Response & Management

- Assist in setting up and refining detection rules, aligning log sources, and implementing remediation from external security assessments.
- Act as the first line of response for security events, classifying incidents according to the Incident Response Plan (IRP).
- Participate in tabletop exercises and document post-mortem analyses for operational improvements.
- Contribute to investigations and remediation plans for network security incidents.

Security Configurations & Automation

- Assist in operational scripting and tool configurations under the guidance of the Security Engineer.
- Support automation of security tasks such as patch management, log analysis, and compliance checks, especially for audits.
- Contribute to deploying and improving correlation rules for SIEM, firewall alerts, IAM policies, and SOAR tools.
- Document configurations thoroughly and validate their effectiveness.

Asset Inventory & Security Monitoring

- Coordinate with Cotality to ensure continuous updates of the asset inventory for on-premises, cloud, network, and endpoint devices.
- Collaborate with team leads to maintain accurate asset ownership and classification records.
- Participate in deploying and operating automated asset discovery and monitoring tools for real-time asset visibility.
- Support asset lifecycle management including decommissioning, disposal, and secure data wiping.

Backup & Business Continuity

- Verify successful backups and compliance with security policies (e.g., encryption).
- Monitor backup logs for failures or anomalies affecting disaster recovery.
- Support tabletop exercises and recovery tests to validate business continuity and DR plans.
- Document security configurations related to critical systems for recovery planning.
- Assist in contingency planning for security incidents impacting operations.

Threat Management & Monitoring

- Maintain threat models and contribute to threat intelligence sharing, aligning with security frameworks.
- Support vulnerability management through regular assessments and API vulnerability monitoring.
- Establish reporting protocols and KPIs for vulnerability management.
- Assist in remediating vulnerabilities promptly and documenting for compliance.

Qualifications:

- Educational Background: Bachelor’s degree in computer science, cybersecurity, or a related field (or equivalent work experience).
- Experience: 3–5 years in security operations, vulnerability management, and incident response in cloud and network environments. Experience with SIEM and privileged access management (PAM). Hands-on with security tools, incident management, and remediation support.
- Certifications (Preferred but not mandatory): Security+ (CompTIA), CISSP, GSEC, CCSP, AWS Security, Azure Security Engineer, GCIH, Certified Ethical Hacker.

Technical Skills:

- Strong understanding of vulnerability management, including tools like Qualys.
- Experience configuring and monitoring security tools for firewalls, IAM, and SIEM platforms.
- Ability to implement and optimize detection and correlation rules.
- Knowledge of incident handling, threat containment, forensic analysis, and root cause investigations.
- Basic automation skills (scripting) are a plus.

Soft Skills:

- Problem-solving and analytical skills, attention to detail.
- Ability to work independently and follow guidance.
- Effective communication for incident documentation and collaboration.

Operational Focus:

- Hands-on approach with commitment to continuous learning and adapting to new threats and tools.

#J-18808-Ljbffr